Lost Backup Drive Contained PHI of More than 500 EEG Patients

Baptist Medical Center South of Jacksonville, Florida has discovered a backup drive containing the electronic protected health information of 531 patients has gone missing. The portable storage drive was discovered to be missing on May 18, 2017. The device is believed to have been taken from an EEG room.

A full search for the device was conducted but it could not be located. Baptist Medical Center South was unable to determine whether the portable drive had been borrowed by a member of staff and not returned, was misplaced, stolen or had been accidentally discarded. Baptist Medical Center South was also unable to determine when the device went missing.

An investigation was conducted which enabled the medical center to determine which data had been backed up on the device. The information stored on the drive was limited to names, dates of birth, physician’s orders, medical record numbers, diagnoses, reasons for study, images taken during EEG tests and patients’ room numbers. The data related to certain patients who had visited the medical center for EEG testing in 2015, 2016 and 2017. No financial information or Social Security numbers were stored on the device.

The device was not protected with encryption, although patients’ electronic protected health information could only be accessed using special software. If the device was taken, that would make it difficult for the thieves to access patients’ information.

No reports have been received to suggest any information on the device has been accessed or misused, although patients whose protected health information was exposed have now been notified by mail out of an abundance of caution and to satisfy regulatory requirements.

In order to prevent future security incidents of this nature from occurring, Baptist Medical Center South has reinforced and enhanced its security practices and has re-educated all staff that work in the EEG department.

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

HIPAA

Compliance

Guide

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.